What does invalid_http_syntax mean?

fberzl
Posts: 2
Joined: 21 Feb 2017, 16:43

What does invalid_http_syntax mean?

Post by fberzl » 05 Mar 2018, 09:53

Hello all,

We have a W20-HQ with cOS 12.00.08.20 and since yesterday I have been receiving the following error:


2018-03-05T09:38:25.870+01:00 sev=err cat=ALG id=00200144 rev=1 event=invalid_http_syntax action=close type=request reason="invalid HTTP method" connipproto=TCP connrecvif=G1_lan connsrcip=<ip_from_our_exchange_server> connsrcport=56918 conndestif=G5_lte conndestip=81.19.104.39 conndestport=443 origsent=667 termsent=52 algname=38_https_lan algmod=lw-http algsesid=28992 
The destination IP is an IP from Kaspersky. On the connsrcip host, Kaspersky Security Center and Kaspersky Email Security for Exchange Server are running.
Does anyone have an idea what the problem suddenly is? What exactly does the error mean?

Thanks in advance.
fberzl

mape
Posts: 41
Joined: 24 Oct 2016, 08:23

Re: What does invalid_http_syntax mean?

Post by mape » 07 Mar 2018, 09:20

Hello,

The "invalid HTTP method" log message means that we received data that is not HTTP; this could include the "protocol upgrade" or that the traffic is not legit HTTP traffic.

The log reference guide mentions the following:
"The HTTPALG received malformed HTTP syntax and closed the connection."

And the recommended action is the following:
"Investigate why malformed HTTP syntax was received."

An idea might be to activate the "allow unknown protocols" on the Policy that you're using.
Another idea might be to check the protocols allowed on the service, if it's just HTTP or if it also includes HTTPS.

Best Regards
Mape.
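
Added example, not part of either post and not the vendor's tooling: a Python triage script for the "Investigate why malformed HTTP syntax was received" step, which parses log lines in the key=value layout shown in the question and counts invalid_http_syntax closes per flow. The sample lines, the addresses, the placeholder event and the hint texts are constructed assumptions.

```python
import re
from collections import Counter

# Constructed sample in the key=value layout of the log line in the post.
# Addresses are documentation ranges; the last line is a placeholder event.
SAMPLE_LOG = """\
2018-03-05T09:38:25.870+01:00 sev=err cat=ALG event=invalid_http_syntax action=close type=request reason="invalid HTTP method" connsrcip=192.0.2.10 connsrcport=56918 conndestip=198.51.100.7 conndestport=443 algmod=lw-http
2018-03-05T09:39:02.114+01:00 sev=err cat=ALG event=invalid_http_syntax action=close type=request reason="invalid HTTP method" connsrcip=192.0.2.10 connsrcport=56931 conndestip=198.51.100.7 conndestport=443 algmod=lw-http
2018-03-05T09:41:47.300+01:00 sev=err cat=ALG event=invalid_http_syntax action=close type=request reason="invalid HTTP method" connsrcip=192.0.2.25 connsrcport=40112 conndestip=203.0.113.9 conndestport=80 algmod=lw-http
2018-03-05T09:42:00.000+01:00 sev=info cat=EXAMPLE event=placeholder_event connsrcip=192.0.2.25
"""

# key=value, where the value is either "quoted with spaces" or a bare token.
FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S*))')


def parse_line(line):
    """Return one log line as a dict; the leading token is the timestamp."""
    timestamp, _, rest = line.strip().partition(" ")
    fields = {"timestamp": timestamp}
    for key, quoted, bare in FIELD_RE.findall(rest):
        fields[key] = quoted or bare
    return fields


def triage(log_text, event="invalid_http_syntax"):
    """Count ALG closes per (source, destination, port, reason) flow."""
    flows = Counter()
    for line in filter(str.strip, log_text.splitlines()):
        f = parse_line(line)
        if f.get("event") == event:
            flows[(f.get("connsrcip"), f.get("conndestip"),
                   f.get("conndestport"), f.get("reason"))] += 1
    report = []
    for (src, dst, port, reason), count in flows.most_common():
        # Assumption: port 443 normally carries TLS, so the first thing to
        # verify is whether the service on the policy covers HTTPS.
        hint = ("check HTTP vs HTTPS on the service" if port == "443"
                else "inspect what the client sends")
        report.append({"src": src, "dst": dst, "dest_port": port,
                       "reason": reason, "count": count, "hint": hint})
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Repeated closes from one source to one destination, as in the question, point at a single client application rather than at general browsing traffic.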
